GeisingerBTI / tpm-luks

LUKS support for storing keys in TPM NVRAM

Allow UUID in /etc/tpm-luks.conf #1

Closed johnwallace123 closed 7 years ago

johnwallace123 commented 8 years ago

Currently, /etc/tpm-luks.conf only accepts /dev/sdX entries (it passes this directly to cryptsetup). To prevent reordering of disks affecting the boot process, we should allow UUIDs in tpm-luks.conf.

johnwallace123 commented 7 years ago

Since the first argument in the tpm-luks.conf is simply passed to cryptsetup, and in RHEL7, cryptsetup understands "UUID=" syntax, this is fixed by coincidence!

johnwallace123 commented 7 years ago

Although the cryptsetup command can use the UUID, the cryptroot-ask-tpm script needs to be able to use this as well. Currently, $DEVICE is passed as argument $1 to the script, but that is in the traditional "/dev/sdaX" format. Within cryptroot-ask-tpm, we'll need to create a "shadow" tpm-luks.conf that will translate "LABEL=" and "UUID=" to the /dev/sdaX format.
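One way to do the translation described in the comment above, as an added sketch that is not part of the thread or of the tpm-luks code: it resolves "UUID=" and "LABEL=" through the udev symlinks under /dev/disk and refuses to write an entry it cannot resolve. The names `resolve_spec`, `write_shadow_conf` and `DISK_BY_ROOT` are hypothetical, and the colon-separated layout of tpm-luks.conf with the device spec in the first field is an assumption.

```sh
#!/bin/sh
# Added example; function and variable names are hypothetical.
# Root of the udev-maintained symlink tree (overridable for testing).
DISK_BY_ROOT="${DISK_BY_ROOT:-/dev/disk}"

# resolve_spec SPEC: print the device node for UUID=, LABEL= or /dev/ specs.
# Returns non-zero (prints nothing) when the spec cannot be resolved.
resolve_spec() {
    spec=$1
    case "$spec" in
        /dev/*)  printf '%s\n' "$spec"; return 0 ;;
        UUID=*)  dir=by-uuid ;;
        LABEL=*) dir=by-label ;;
        *)       return 1 ;;
    esac
    value=${spec#*=}
    # Refuse empty values and anything that could step outside by-*/.
    case "$value" in
        ""|.|..|*/*) return 1 ;;
    esac
    link="$DISK_BY_ROOT/$dir/$value"
    [ -L "$link" ] || return 1
    readlink -f "$link"
}

# write_shadow_conf SRC DST: copy SRC to DST with the first field resolved.
# Assumes colon-separated entries whose first field is the device spec.
# Fails closed: one unresolved entry aborts instead of passing it through.
write_shadow_conf() {
    src=$1
    dst=$2
    : > "$dst" || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ""|\#*) continue ;;
        esac
        spec=${line%%:*}
        rest=${line#"$spec"}
        dev=$(resolve_spec "$spec") || {
            echo "tpm-luks: cannot resolve '$spec'" >&2
            return 1
        }
        printf '%s%s\n' "$dev" "$rest" >> "$dst"
    done < "$src"
}
```

Labels containing characters that udev escapes in by-label names (spaces, for example) will not match their raw form and are rejected rather than guessed.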

johnwallace123 commented 7 years ago

Resolved in commit 5031fc88f4eb2ff6d54c6668bd612bf55f9d7eaa